ssh-client: Use SHA256 finger prints

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
2025-01-09 15:38:16 +01:00 · 2019-03-20 19:05:49 +01:00 · 2019-03-20 19:05:49 +01:00 · 2ffcbbd185
commit 2ffcbbd185
parent 72ddb7eb08
2 changed files with 6 additions and 4 deletions
--- a/options-table.c
+++ b/options-table.c
@ -925,13 +925,13 @@ const struct options_table_entry options_table[] = {
 	{ .name = "tmate-server-rsa-fingerprint",
 	  .type = OPTIONS_TABLE_STRING,
 	  .scope = OPTIONS_TABLE_SERVER,
-	  .default_str = "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
+	  .default_str = "SHA256:Hthk2T/M/Ivqfk1YYUn5ijC2Att3+UPzD7Rn72P5VWs"
 	},

 	{ .name = "tmate-server-ecdsa-fingerprint",
 	  .type = OPTIONS_TABLE_STRING,
 	  .scope = OPTIONS_TABLE_SERVER,
-	  .default_str = "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
+	  .default_str = "SHA256:8GmKHYHEJ6n0TEdciHeEGkKOigQfCFuBULdt6vZIhDc"
 	},

 	{ .name = "tmate-display-time",
--- a/tmate-ssh-client.c
+++ b/tmate-ssh-client.c
@ -287,12 +287,14 @@ static void on_ssh_client_event(struct tmate_ssh_client *client)
 		if (ssh_get_publickey(session, &pubkey) < 0)
 			tmate_fatal("ssh_get_publickey");

-		if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_MD5, &hash, &hash_len) < 0) {
+		if (ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA256,
+					   &hash, &hash_len) < 0) {
 			kill_ssh_client(client, "Cannot authenticate server");
 			return;
 		}

-		hash_str = ssh_get_hexa(hash, hash_len);
+		hash_str = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA256,
+						    hash, hash_len);
 		if (!hash_str)
 			tmate_fatal("malloc failed");